<?php
$dbhost = "localhost";
$dbuser = "fossilplot";
$dbpass = "fossilplot";
$dbname = "fossilplot";
//Connect to MySQL Server
mysql_connect($dbhost, $dbuser, $dbpass);
//Select Database
mysql_select_db($dbname) or die(mysql_error());
// Retrieve data from Query String
$age = $_GET['age'];
$sex = $_GET['sex'];
$wpm = $_GET['wpm'];
$arrSel = $_GET['arrSel'];
//$sel = $_GET['sel'];
$tmps=str_replace('*','+',$arrSel);
echo "array is :".$tmps."<br>";
echo "age is ".$age."<br>";

// Escape User Input to help prevent SQL Injection
$age = mysql_real_escape_string($age);
$sex = mysql_real_escape_string($sex);
$wpm = mysql_real_escape_string($wpm);
//build query
$query = "SELECT * FROM ajax_example WHERE ae_sex = '$sex'";
if(is_numeric($age))
	$query .= " AND ae_age <= $age";
if(is_numeric($wpm))
	$query .= " AND ae_wpm <= $wpm";
//Execute query
$qry_result = mysql_query($query) or die(mysql_error());

//Build Result String
//echo "<table>";
//echo "<tr>";
//echo "<th>Name</th>";
//echo "<th>Age</th>";
//echo "<th>Sex</th>";
//echo "<th>WPM</th>";
//echo "</tr>";
//echo "<form name=\"mainform\">
	echo "	<select name=\"M\" size=5 multiple>";
// Insert a new row in the table for each person returned
while($row = mysql_fetch_array($qry_result)){
//	$display_string .= "<tr>";
//	$display_string .= "<td>$row[ae_name]</td>";
//	$display_string .= "<td>$row[ae_age]</td>";
//	$display_string .= "<td>$row[ae_sex]</td>";
	//$display_string .= "<td>$row[ae_wpm]</td>";
//	$display_string .= "</tr>";
	echo "<option>".$row['ae_name'] ."</option>";
}

//echo "</form>";
echo "Query: " . $query . "<br />";
//$display_string .= "</table>";
//echo $display_string;



?>
